Detectify Security Updates for March 8

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner from February 23 – March 4.

CRITICAL – CVE-2021-26855: Microsoft Exchange SSRF

There is a SSRF in Microsoft Exchange that can be used in an exploit chain to get RCE. An attacker can make HTTP requests to servers within the vulnerable systems network/intranet. It is possible to run arbitrary commands on the server by chaining it with other vulnerabilities.

This is a critical vulnerability and you can views the details on Microsoft’s blog.

CRITICAL – CVE-2021-21973: VMware vCenter RCE

The vSphere Client (HTML5) has a remote code execution vulnerability in the vCenter Server plug-in. An attacker can execute arbitrary code on the server. VMware published work-around instructions on their knowledge base.

CVE-2020-2036: Palo Alto Networks PAN-OS XSS

This module looks for a reflected XSS vulnerability in PAN-OS. An attacker can use this flaw to steal credentials and otherwise execute JavaScript in the origin of the affected domain.

CVE-2020-26935: phpMyAdmin SQL Injection

PhpMyAdmin before 4.9.6 and 5.x before 5.0.3 has a SQL injection vulnerability. An attacker may be able to execute SQL-code, which includes reading/writing to the database and possible write directly to the file system.

CVE-2020-17518: Apache Flink Arbitrary File Upload

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system. A remote attacker can send a specially crafted HTTP request and upload files on the system.

CVE-2020-1942: Apache NiFi RCE

This module looks for a remote code execution vulnerability in Apache NiFi. An attacker can leverage this to get full control of the server.

CVE-2020-3243: Cisco UCS LFI

This module looks for an LFI vulnerability in Cisco UCS Director before version 6.7.4.0 and in Cisco UCS Director Express for Big Data before version 3.7.4.0. An attacker can leverage this to get full control of the server.

CVE-2020-5722: Grandstream UCM6200 Series SQL Injection

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.

CVE-2020-16194: PrestaShop Opartdevis < 4.0.2 IDOR on addresses fields

This module searches for an Insecure Direct Object Reference (IDOR) in Prestashop Opart devis < 4.0.2. An IDOR vulnerability was found in PrestaShop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user’s invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.